price-feed-aggregator
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
onchainosCLI to fetch on-chain price data and search for token addresses. This involves executing shell commands with parameters derived from user input or market search results. - [EXTERNAL_DOWNLOADS]: The skill identifies the
onchainosCLI as a mandatory dependency and suggests usingnpxto install missing components from a remote registry if they are not detected during the pre-flight verification. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through data ingested from external decentralized exchange venues. Ingestion points: Market data is retrieved via the
onchainos dex-market pricecommand. Boundary markers: The skill does not implement explicit delimiters or 'ignore embedded instructions' warnings for the external data it processes. Capability inventory: The skill has the capability to execute subprocesses through theonchainosCLI. Sanitization: The instructions do not specify any validation or filtering of the raw data returned from the blockchain queries.
Audit Metadata